Bug 2170808

Summary: Running nginx with systemctl and entering ssl private key's pass phrase
Product: Red Hat Enterprise Linux 9
Reporter: lpellegr
Component: nginx-1.22-module
Assignee: Luboš Uhliarik <luhliari>
Status: CLOSED ERRATA
QA Contact: icesalov
Severity: low
Docs Contact: Lenka Špačková <lkuprova>
Priority: unspecified
Version: 9.3
CC: icesalov, luhliari
Target Milestone: rc
Keywords: AutoVerified, Triaged
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
.A new `ssl_pass_phrase_dialog` directive in `nginx:1.22`

With this update to the `nginx:1.22` module stream, you can use the new `ssl_pass_phrase_dialog` directive to configure an external program that is called at `nginx` start for each encrypted private key.

To use the new directive, add one of the following lines to the `/etc/nginx/nginx.conf` file:

* To call an external program for each encrypted private key file, enter:
+
----
ssl_pass_phrase_dialog exec:<path_to_program>;
----
+
`nginx` calls this program with the following two arguments:
+
** The server name specified in the `server_name` setting.
** One of the following algorithms: `RSA`, `DSA`, `EC`, `DH`, or `UNK` if a cryptographic algorithm cannot be recognized.

* If you want to manually enter a passphrase for each encrypted private key file, enter:
+
----
ssl_pass_phrase_dialog builtin;
----
+
This is the default behavior if `ssl_pass_phrase_dialog` is not configured.
+
Note that the `nginx` service fails to start if you use this method but have at least one private key protected by a passphrase. In this case, use one of the other methods.

* If you want `systemd` to prompt for the passphrase for each encrypted private key when you start the `nginx` service by using the `systemctl` utility, enter:
+
----
ssl_pass_phrase_dialog exec:/usr/libexec/nginx-ssl-pass-dialog;
----

Note that the `ssl_pass_phrase_dialog` directive in `nginx` is similar to the `SSLPassPhraseDialog` directive in the Apache HTTP Server.
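An added example (not part of the bug report or of the nginx package) of a program that could be named in `ssl_pass_phrase_dialog exec:<path_to_program>;`. It validates the two documented arguments and refuses a secret file with the wrong owner or mode. Assumptions: the pass phrase is returned on standard output, as with Apache's `SSLPassPhraseDialog exec:`; the `PASS_DIR` location and the `<server_name>.<ALG>.pass` file naming are hypothetical.

```shell
#!/bin/sh
# Added example: pass phrase helper for "ssl_pass_phrase_dialog exec:<path>".
# PASS_DIR and the <server_name>.<ALG>.pass naming are assumptions of this sketch.
PASS_DIR="${PASS_DIR:-/etc/nginx/passphrases}"

# Diagnostics go to stderr so they can never be mistaken for a pass phrase.
deny() { echo "nginx-pass-helper: $*" >&2; }

# emit_passphrase <server_name> <algorithm>
emit_passphrase() {
    [ "$#" -eq 2 ] || { deny "expected 2 arguments, got $#"; return 2; }
    server=$1 alg=$2

    # Accept only the algorithm tokens nginx is documented to pass.
    case "$alg" in
        RSA|DSA|EC|DH|UNK) ;;
        *) deny "unexpected algorithm '$alg'"; return 2 ;;
    esac

    # The server name becomes part of a path: allow hostname characters only,
    # so "/" or a leading "." cannot steer the lookup outside PASS_DIR.
    case "$server" in
        ""|.*|*[!A-Za-z0-9._-]*) deny "unsafe server name"; return 2 ;;
    esac

    file="$PASS_DIR/$server.$alg.pass"
    [ ! -L "$file" ] && [ -f "$file" ] || { deny "no regular file $file"; return 3; }

    # Refuse a secret that other accounts could read or replace
    # (stat -c is the GNU coreutils form, as on RHEL).
    [ "$(stat -c %u "$file")" = "$(id -u)" ] || { deny "$file: wrong owner"; return 4; }
    case "$(stat -c %a "$file")" in
        400|600) ;;
        *) deny "$file: mode must be 0400 or 0600"; return 4 ;;
    esac

    # First line only; tolerate a missing trailing newline.
    pass=
    IFS= read -r pass < "$file" || [ -n "$pass" ] || { deny "$file is empty"; return 5; }
    printf '%s\n' "$pass"
}

# Run as a program only when arguments were supplied (nginx passes two).
if [ "$#" -gt 0 ]; then emit_passphrase "$@"; fi
```

Storing the pass phrase on the same host lets the service start unattended but protects the key only as well as the file permissions do; the `systemd` prompt variant in the Doc Text avoids keeping it on disk.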
Story Points: ---
Clone Of:
: 2213480 (view as bug list)
Environment:
Last Closed: 2023-11-07 08:37:15 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 2213480

Comment 12 Luboš Uhliarik 2023-08-07 11:38:58 UTC
*** Bug 2213480 has been marked as a duplicate of this bug. ***

Comment 27 errata-xmlrpc 2023-11-07 08:37:15 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (nginx:1.22 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2023:6562